Re: Changing the info in the sudoers file
Re: Changing the info in the sudoers file
- Subject: Re: Changing the info in the sudoers file
- From: Jeremy Reichman <email@hidden>
- Date: Wed, 16 Jul 2008 11:32:04 -0400
- Thread-topic: Changing the info in the sudoers file
If you're editing the live sudoers file, which you can do, you should use a
sudo-capable admin account and run the "visudo" command in Terminal.
It acts like the vi editor, which is not the most friendly text editor but
as long as you know how to switch modes with the Esc key and enter one of
the editing modes (using commands like "i" for insert or "a" for append),
it's not bad. There are lots of on-line guides for vi (or vim -- "vi
improved," which is the version of vi that comes with Leopard).
Even if you didn't run "visudo," you probably won't cause a lot of harm by
editing the live sudoers file in an editor like TextWrangler (which is free
and provides authentication to edit protected files).
If your ultimate goal is to have a new version of sudoers to redistribute,
this will get you an edited file that you can try out and copy. When it is
copied to other systems, make sure that ownership and permissions are set
the way you saw them to preserve the security on the file. You don't want
just any user editing it.
If you want to preserve the file's before and after state (so you can keep
track of changes), you could make a copy or you could also use a version
control system. While it's not installed by default, I've found Mercurial
easy to install and use for basic tasks like this.
As another note, if you're just trying to give more users the equivalent of
admin privileges, you can do that directly in the GUI by finding the user's
account in System Preferences > Accounts, and clicking the "admin" checkbox.
This adds the user to the admin group, which is given full sudo privileges
on a default Mac OS X install.
A main reason to modify the sudoers file is to give select users/groups
lesser privileges that what the admin group gets by default, but still allow
them to be elevated over what normal (non-admin) user accounts get.
--
Jeremy Reichman
Senior Desktop Systems Engineer
Information and Technology Services
Rochester Institute of Technology
_______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users
This email sent to email@hidden